Add -n (non-interactive) flag.

This commit is contained in:
Todd C. Miller
2008-03-18 20:04:41 +00:00
parent f2c84d5a6d
commit c352187cf8
8 changed files with 81 additions and 57 deletions


@@ -58,3 +58,7 @@ What's new in Sudo 1.7?
* A new Defaults option, "mailfrom" that sets the value of the
"From:" field in the warning/error mail. If unspecified, the
login name of the invoking user is used.
* A new flag, -n, may be used to indicate that sudo should not
prompt the user for a password and, instead, exit with an error
if authentication is required.


@@ -84,8 +84,9 @@ static void update_timestamp __P((char *, char *));
* verify who he/she is.
*/
void
check_user(validated)
check_user(validated, interactive)
int validated;
int interactive;
{
char *timestampdir = NULL;
char *timestampfile = NULL;
@@ -99,6 +100,10 @@ check_user(validated)
status = timestamp_status(timestampdir, timestampfile, user_name,
TS_MAKE_DIRS);
if (status != TS_CURRENT || ISSET(validated, FLAG_CHECK_USER)) {
/* Bail out if we are non-interactive and a password is required */
if (!interactive)
errorx(1, "sorry, a password is required to run %s", getprogname());
if (!ISSET(tgetpass_flags, TGP_ASKPASS))
lecture(status);
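Review bot: The new `if (!interactive)` guard sits inside the `status != TS_CURRENT || FLAG_CHECK_USER` branch, so a still-valid timestamp lets `-n` proceed without any prompt and only a fresh authentication is refused; that is the right place for it (before lecture() and the askpass check), but the comment should state that contract, e.g. `/* -n: a current timestamp is still honoured; only a new password prompt is refused */`. The refusal goes through errorx(), which as far as this hunk shows reports to the caller on stderr and exits before anything else in check_user runs, so a password-required denial under `-n` appears to leave no entry in the sudo log or warning mail the way an interactive authentication failure would; if that is intentional, say so in the comment, otherwise log the denial before exiting. The rest of check_user's body lies outside this hunk.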

7
sudo.c

@@ -402,7 +402,7 @@ main(argc, argv, envp)
/* Require a password if sudoers says so. */
if (def_authenticate)
check_user(validated);
check_user(validated, !ISSET(sudo_mode, MODE_NONINTERACTIVE));
/* If run as root with SUDO_USER set, set sudo_user.pw to that user. */
/* XXX - causes confusion when root is not listed in sudoers */
@@ -827,7 +827,7 @@ parse_args(argc, argv)
* Some trickiness is required to allow environment variables
* to be interspersed with command line options.
*/
if ((ch = getopt(argc, argv, "+Aa:bC:c:Eeg:HhiKkLlPp:r:Sst:Uu:Vv")) != -1) {
if ((ch = getopt(argc, argv, "+Aa:bC:c:Eeg:HhiKkLlnPp:r:Sst:Uu:Vv")) != -1) {
switch (ch) {
case 'A':
SET(tgetpass_flags, TGP_ASKPASS);
@@ -907,6 +907,9 @@ parse_args(argc, argv)
usage_excl(1);
excl = 'l';
break;
case 'n':
SET(rval, MODE_NONINTERACTIVE);
break;
case 'V':
rval = MODE_VERSION;
if (excl && excl != 'V')
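Review bot: The MODE_NONINTERACTIVE bit set in the new `case 'n'` is OR-ed into rval, but mode options assign rval outright, as `case 'V'` does two lines later with `rval = MODE_VERSION;`, so the flag survives only if `-n` comes after the mode option on the command line. If `-v`, `-k`, `-l` and the other mode cases (outside this hunk) follow the same assignment pattern, `sudo -n -v` would still prompt while `sudo -v -n` would not, contrary to the synopsis `sudo [-n] -h | -K | -k | -L | -V | -v` this commit documents. Accumulating the flag separately, `SET(flags, MODE_NONINTERACTIVE);` in the case and `rval |= flags;` after the getopt loop, or switching the mode cases to `SET(rval, MODE_xxx)`, removes the order dependence; parse_args continues past the end of this hunk, so the loop exit is not visible here.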


@@ -8,15 +8,15 @@ NNAAMMEE
sudo, sudoedit - execute a command as another user
SSYYNNOOPPSSIISS
ssuuddoo --hh | --KK | --kk | --LL | --VV | --vv
ssuuddoo [--nn] --hh | --KK | --kk | --LL | --VV | --vv
ssuuddoo --ll[[ll]] [--AASS] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] [--UU _u_s_e_r_n_a_m_e] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d]
ssuuddoo --ll[[ll]] [--AAnnSS] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d] [--UU _u_s_e_r_n_a_m_e] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d]
[_c_o_m_m_a_n_d]
ssuuddoo [--AAbbEEHHPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d]
ssuuddoo [--AAbbEEHHnnPPSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d]
[--pp _p_r_o_m_p_t] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] [VVAARR=_v_a_l_u_e] [{--ii | --ss] [<_c_o_m_m_a_n_d}]
ssuuddooeeddiitt [--AASS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d]
ssuuddooeeddiitt [--AAnnSS] [--aa _a_u_t_h___t_y_p_e] [--CC _f_d] [--cc _c_l_a_s_s|_-] [--gg _g_r_o_u_p_n_a_m_e|_#_g_i_d]
[--pp _p_r_o_m_p_t] [--uu _u_s_e_r_n_a_m_e|_#_u_i_d] file ...
DDEESSCCRRIIPPTTIIOONN
@@ -61,7 +61,7 @@ DDEESSCCRRIIPPTTIIOONN
1.7 March 2, 2008 1
1.7 March 18, 2008 1
@@ -127,7 +127,7 @@ OOPPTTIIOONNSS
1.7 March 2, 2008 2
1.7 March 18, 2008 2
@@ -193,7 +193,7 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
1.7 March 2, 2008 3
1.7 March 18, 2008 3
@@ -229,6 +229,11 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
--llll), or if --ll is specified multiple times, a longer list
format is used.
-n The --nn (_n_o_n_-_i_n_t_e_r_a_c_t_i_v_e) option prevents ssuuddoo from prompt-
ing the user for a password. If a password is required for
the command to run, ssuuddoo will display an error messages and
exit.
-P The --PP (_p_r_e_s_e_r_v_e _g_r_o_u_p _v_e_c_t_o_r) option causes ssuuddoo to pre-
serve the invoking user's group vector unaltered. By
default, ssuuddoo will initialize the group vector to the list
@@ -252,14 +257,9 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
%U expanded to the login name of the user the command will
be run as (defaults to root)
%u expanded to the invoking user's login name
%% two consecutive % characters are collapsed into a sin-
gle % character
1.7 March 2, 2008 4
1.7 March 18, 2008 4
@@ -268,6 +268,11 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
%u expanded to the invoking user's login name
%% two consecutive % characters are collapsed into a sin-
gle % character
The prompt specified by the --pp option will override the
system password prompt on systems that support PAM unless
the _p_a_s_s_p_r_o_m_p_t___o_v_e_r_r_i_d_e flag is disabled in _s_u_d_o_e_r_s.
@@ -317,15 +322,10 @@ SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
line are subject to the same restrictions as normal environment vari-
ables with one important exception. If the _s_e_t_e_n_v option is set in
_s_u_d_o_e_r_s, the command to be run has the SETENV tag set or the command
matched is ALL, the user may set variables that would overwise be for-
bidden. See _s_u_d_o_e_r_s(4) for more information.
RREETTUURRNN VVAALLUUEESS
Upon successful execution of a program, the return value from ssuuddoo will
1.7 March 2, 2008 5
1.7 March 18, 2008 5
@@ -334,6 +334,11 @@ RREETTUURRNN VVAALLUUEESS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
matched is ALL, the user may set variables that would overwise be for-
bidden. See _s_u_d_o_e_r_s(4) for more information.
RREETTUURRNN VVAALLUUEESS
Upon successful execution of a program, the return value from ssuuddoo will
simply be the return value of the program that was executed.
Otherwise, ssuuddoo quits with an exit value of 1 if there is a configura-
@@ -383,15 +388,10 @@ SSEECCUURRIITTYY NNOOTTEESS
environment variable is _n_o_t modified and is passed unchanged to the
program that ssuuddoo executes.
ssuuddoo will check the ownership of its timestamp directory (_/_v_a_r_/_r_u_n_/_s_u_d_o
by default) and ignore the directory's contents if it is not owned by
root or if it is writable by a user other than root. On systems that
allow non-root users to give away files via _c_h_o_w_n(2), if the timestamp
directory is located in a directory writable by anyone (e.g., _/_t_m_p), it
1.7 March 2, 2008 6
1.7 March 18, 2008 6
@@ -400,6 +400,11 @@ SSEECCUURRIITTYY NNOOTTEESS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
ssuuddoo will check the ownership of its timestamp directory (_/_v_a_r_/_r_u_n_/_s_u_d_o
by default) and ignore the directory's contents if it is not owned by
root or if it is writable by a user other than root. On systems that
allow non-root users to give away files via _c_h_o_w_n(2), if the timestamp
directory is located in a directory writable by anyone (e.g., _/_t_m_p), it
is possible for a user to create the timestamp directory before ssuuddoo is
run. However, because ssuuddoo checks the ownership and mode of the direc-
tory and its contents, the only damage that can be done is to "hide"
@@ -450,14 +455,9 @@ EENNVVIIRROONNMMEENNTT
SUDO_COMMAND Set to the command run by sudo
SUDO_USER Set to the login of the user who invoked sudo
SUDO_UID Set to the uid of the user who invoked sudo
1.7 March 2, 2008 7
1.7 March 18, 2008 7
@@ -466,6 +466,10 @@ EENNVVIIRROONNMMEENNTT
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
SUDO_USER Set to the login of the user who invoked sudo
SUDO_UID Set to the uid of the user who invoked sudo
SUDO_GID Set to the gid of the user who invoked sudo
SUDO_PS1 If set, PS1 will be set to its value
@@ -517,13 +521,9 @@ AAUUTTHHOORRSS
Many people have worked on ssuuddoo over the years; this version consists
of code written primarily by:
Todd C. Miller
See the HISTORY file in the ssuuddoo distribution or visit
1.7 March 2, 2008 8
1.7 March 18, 2008 8
@@ -532,6 +532,9 @@ AAUUTTHHOORRSS
SUDO(1m) MAINTENANCE COMMANDS SUDO(1m)
Todd C. Miller
See the HISTORY file in the ssuuddoo distribution or visit
http://www.sudo.ws/sudo/history.html for a short history of ssuuddoo.
CCAAVVEEAATTSS
@@ -586,9 +589,6 @@ DDIISSCCLLAAIIMMEERR
1.7 March 2, 2008 9
1.7 March 18, 2008 9

3
sudo.h

@@ -114,6 +114,7 @@ struct sudo_user {
#define MODE_RESET_HOME 0x04000
#define MODE_PRESERVE_GROUPS 0x08000
#define MODE_PRESERVE_ENV 0x10000
#define MODE_NONINTERACTIVE 0x20000
/*
* Used with set_perms()
@@ -236,7 +237,7 @@ int mkstemp __P((char *));
char *sudo_goodpath __P((const char *, struct stat *));
char *tgetpass __P((const char *, int, int));
int find_path __P((char *, char **, struct stat *, char *));
void check_user __P((int));
void check_user __P((int, int));
void verify_user __P((struct passwd *, char *));
#ifdef HAVE_LDAP
int sudo_ldap_open __P((struct sudo_nss *));
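Review bot: The second parameter added to the check_user prototype is an anonymous int, and its one visible caller passes `!ISSET(sudo_mode, MODE_NONINTERACTIVE)`, so the header gives no hint that the argument is the inverse of the new MODE_NONINTERACTIVE flag defined above; that double negation is easy to get wrong at the next call site. A trailing comment on the prototype, `void check_user __P((int, int));	/* validated, interactive (0 when -n given) */`, would document it where callers look.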


@@ -150,17 +150,17 @@
.\" ========================================================================
.\"
.IX Title "SUDO @mansectsu@"
.TH SUDO @mansectsu@ "March 2, 2008" "1.7" "MAINTENANCE COMMANDS"
.TH SUDO @mansectsu@ "March 18, 2008" "1.7" "MAINTENANCE COMMANDS"
.SH "NAME"
sudo, sudoedit \- execute a command as another user
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
\&\fBsudo\fR \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-V\fR | \fB\-v\fR
\&\fBsudo\fR [\fB\-n\fR] \fB\-h\fR | \fB\-K\fR | \fB\-k\fR | \fB\-L\fR | \fB\-V\fR | \fB\-v\fR
.PP
\&\fBsudo\fR \fB\-l[l]\fR [\fB\-AS\fR] [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-U\fR\ \fIusername\fR]
\&\fBsudo\fR \fB\-l[l]\fR [\fB\-AnS\fR] [\fB\-g\fR\ \fIgroupname\fR|\fI#gid\fR] [\fB\-U\fR\ \fIusername\fR]
[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR] [\fIcommand\fR]
.PP
\&\fBsudo\fR [\fB\-AbEHPS\fR]
\&\fBsudo\fR [\fB\-AbEHnPS\fR]
@BAMAN@[\fB\-a\fR\ \fIauth_type\fR]
[\fB\-C\fR\ \fIfd\fR]
@LCMAN@[\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
@@ -169,7 +169,7 @@ sudo, sudoedit \- execute a command as another user
[\fB\-u\fR\ \fIusername\fR|\fI#uid\fR]
[\fB\s-1VAR\s0\fR=\fIvalue\fR] [{\fB\-i\fR\ |\ \fB\-s\fR]\ [<\fIcommand\fR}]
.PP
\&\fBsudoedit\fR [\fB\-AS\fR]
\&\fBsudoedit\fR [\fB\-AnS\fR]
@BAMAN@[\fB\-a\fR\ \fIauth_type\fR]
[\fB\-C\fR\ \fIfd\fR]
@LCMAN@[\fB\-c\fR\ \fIclass\fR|\fI\-\fR]
@@ -362,6 +362,11 @@ command line arguments. If \fIcommand\fR is specified but not allowed,
\&\fBsudo\fR will exit with a return value of 1. If the \fB\-l\fR flag is
specified with an \fBl\fR argument (i.e. \fB\-ll\fR), or if \fB\-l\fR
is specified multiple times, a longer list format is used.
.IP "\-n" 12
.IX Item "-n"
The \fB\-n\fR (\fInon-interactive\fR) option prevents \fBsudo\fR from prompting
the user for a password. If a password is required for the command
to run, \fBsudo\fR will display an error messages and exit.
.IP "\-P" 12
.IX Item "-P"
The \fB\-P\fR (\fIpreserve\fR \fIgroup vector\fR) option causes \fBsudo\fR to


@@ -27,12 +27,12 @@ sudo, sudoedit - execute a command as another user
=head1 SYNOPSIS
B<sudo> B<-h> | B<-K> | B<-k> | B<-L> | B<-V> | B<-v>
B<sudo> [B<-n>] B<-h> | B<-K> | B<-k> | B<-L> | B<-V> | B<-v>
B<sudo> B<-l[l]> [B<-AS>] S<[B<-g> I<groupname>|I<#gid>]> S<[B<-U> I<username>]>
B<sudo> B<-l[l]> [B<-AnS>] S<[B<-g> I<groupname>|I<#gid>]> S<[B<-U> I<username>]>
S<[B<-u> I<username>|I<#uid>]> [I<command>]
B<sudo> [B<-AbEHPS>]
B<sudo> [B<-AbEHnPS>]
S<[B<-a> I<auth_type>]>
S<[B<-C> I<fd>]>
S<[B<-c> I<class>|I<->]>
@@ -41,7 +41,7 @@ S<[B<-r> I<role>]> S<[B<-t> I<type>]>
S<[B<-u> I<username>|I<#uid>]>
S<[B<VAR>=I<value>]> [S<{B<-i> | B<-s>] [<I<command>}>]
B<sudoedit> [B<-AS>]
B<sudoedit> [B<-AnS>]
S<[B<-a> I<auth_type>]>
S<[B<-C> I<fd>]>
S<[B<-c> I<class>|I<->]>
@@ -260,6 +260,12 @@ B<sudo> will exit with a return value of 1. If the B<-l> flag is
specified with an B<l> argument (i.e. B<-ll>), or if B<-l>
is specified multiple times, a longer list format is used.
=item -n
The B<-n> (I<non-interactive>) option prevents B<sudo> from prompting
the user for a password. If a password is required for the command
to run, B<sudo> will display an error messages and exit.
=item -P
The B<-P> (I<preserve> I<group vector>) option causes B<sudo> to


@@ -5,9 +5,9 @@
* Usage strings for sudo. These are here because we
* need to be able to substitute values from configure.
*/
#define SUDO_USAGE1 " -h | -K | -k | -L | -V | -v"
#define SUDO_USAGE2 " -l[l] [-AS] [-g groupname|#gid] [-U username] [-u username|#uid] [-g groupname|#gid] [command]"
#define SUDO_USAGE3 " [-AbEHPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u username|#uid] [-g groupname|#gid] [VAR=value] [-i|-s] [<command>]"
#define SUDO_USAGE4 " -e [-AS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u username|#uid] file ..."
#define SUDO_USAGE1 " [-n] -h | -K | -k | -L | -V | -v"
#define SUDO_USAGE2 " -l[l] [-AnS] [-g groupname|#gid] [-U username] [-u username|#uid] [-g groupname|#gid] [command]"
#define SUDO_USAGE3 " [-AbEHnPS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u username|#uid] [-g groupname|#gid] [VAR=value] [-i|-s] [<command>]"
#define SUDO_USAGE4 " -e [-AnS] @BSDAUTH_USAGE@@SELINUX_USAGE@[-C fd] @LOGINCAP_USAGE@[-g groupname|#gid] [-p prompt] [-u username|#uid] file ..."
#endif /* _SUDO_USAGE_H */